Dr. Tom Shinder's Configuring ISA Server 2004 [Illustrated] [Paperback]

Thomas W. Shinder (Author), Debra Littlejohn Shinder (Author), Martin Grasdal (Author)

Book Description

ISBN-10: 1931836191 | ISBN-13: 978-1931836197 | Publication Date: August 1, 2004 | Edition: 2nd

Dr. Tom and Debra Shinder have become synonymous with Microsoft's flagship firewall product ISA Server, as a result of Tom's prominent role as a member of the beta development team, and Tom and Deb's featured placement on both Microsoft's ISA Server Web site and ISAserver.org. Tom and Deb's book on the first release of the product "Configuring ISA Server 2000" dominated the ISA Server 2000 book market having sold over 40,000 copies worldwide, and the ISA Server community is eagerly awaiting Tom and Deb's book on ISA Server 2004, which is the dramatically upgraded new release from Microsoft.

Dr. Tom and Debra Shinder have become synonymous with Microsoft's flagship firewall product ISA Server, as a result of Tom's prominent role as a member of the beta development team, and Tom and Deb's featured placement on both Microsoft's ISA Server Web site and ISAserver.org. Tom and Deb's book on the first release of the product "Configuring ISA Server 2000" dominated the ISA Server 2000 book market having sold over 40,000 copies worldwide, and the ISA Server community is eagerly awaiting Tom and Deb's book on ISA Server 2004, which is the dramatically upgraded new release from Microsoft. This book will be featured prominently on the ISAserver.org home page as well as referenced on Microsoft TechNet and ISA Server Web pages. Tom and Deb's unparalleled technical expertise combined with prime on-line marketing opportunities will make this the #1 book again in the ISA Server market.

* This book will provide readers with unparalleled information on installing, confiuguring, and troubleshooting ISA Server 2004 by teaching readers to: * Deploy ISA Server 2004 in small businesses and large organizations.

* Learn how to configure complex DMZ configurations using ISA Server 2004's new network awareness features and built-in multinetworking capabilities.

* Learn how to take advantage of ISA Server 2004's new VPN capabilities!

Editorial Reviews

From the Author

This book is based in large part on our own trials and tribulations (as well as the occasional "Eureka!" moment) that we’ve experienced working with ISA Server 2004. In this book, we are talking to people much like ourselves – experienced Windows network administrators who want to secure their networks and speed up Web access for their users without having to make a full-time vocation of it, learn programming, recompile kernels, or struggle with a brand new command syntax. We’re talking to people who want a security solution that is built to interoperate with their Windows domain controllers and Microsoft servers such as Exchange and SharePoint. We’re talking to experienced ISA 2000 administrators, those who are brand new to the world of firewalls, and those who are migrating from third-party firewall products.

----Tom and Debra Littlejohn Shinder

About the Author

Thomas W. Shinder, MD is an MCSE and has been awarded the Microsoft Most Valuable Professional (MVP) award for his work with ISA Server and is recognized in the firewall community as one of the foremost experts on ISA Server. His first two books on ISA Server have sold more than 50,000 units worldwide. Tom has consulted with major companies and organizations such as Microsoft Corp., Xerox, Lucent Technologies, FINA Oil, Hewlett-Packard, and the U.S. Department of Energy. Tom is the primary contributor on ISAserver.org (www.isaserver.org), where he answers hundreds of questions per week on the discussion boards and is the leading content contributor.

Product Details

• Paperback: 1024 pages
• Publisher: Syngress; 2nd edition (August 1, 2004)
• Language: English
• ISBN-10: 1931836191
• ISBN-13: 978-1931836197
• Product Dimensions: 9 x 7 x 2.3 inches
• Shipping Weight: 3.2 pounds (View shipping rates and policies)
• Average Customer Review: 4.2 out of 5 stars  See all reviews (20 customer reviews)
• Amazon Best Sellers Rank: #1,116,852 in Books (See Top 100 in Books)

More About the Author

Discover books, learn about writers, read author blogs, and more.

Customer Reviews

Most Helpful Customer Reviews

55 of 58 people found the following review helpful:

5.0 out of 5 stars ISA 2004 maximized., February 6, 2005

By 

Steven L. Umbach (Bartlett, Il United States) - See all my reviews
(REAL NAME)   

This review is from: Dr. Tom Shinder's Configuring ISA Server 2004 (Paperback)

ISA 2004 is Microsoft's latest and greatest entry into the firewall market and make no mistake as that is what it is - a high performance, sophisticated, deep application filtering, enterprise class, but easy to configure firewall with the ability to be a VPN server, produce boatloads of reports and logging, and integrate with Active Directory for user authentication, even if not a domain member, via IAS/radius and also cache web content - whew! It is a very significant upgrade from ISA 2004 and in my opinion much easier to configure. The author and his community groups were very involved in helping Microsoft to develop ISA 2004 with real world user feedback and wants.

From reading the book Tom Shinder is obviously very enthusiastic about ISA 2004. This is not a book with a bunch of copy and pastes from the help files and Microsoft white papers. The authors are very familiar with ISA 2004 and network security and how to implement it in a number of different scenarios. There are many of the author's tricks and traps in configuration that can save you a lot of time setting up your ISA server. Each chapter ends with a summary "Solutions Fast Track" that are multi sentence main points of the chapter content followed by some helpful FAQ. Throughout the book are many references to Microsoft relevant articles and links to the author's website that is a great resource for any version of ISA. The focus of the book is not just on ISA 2004 but also the required network and client configuration to get everything working in harmony.

The book is well organized and you do not have to read the whole book to learn how to implement ISA 2004. There is a whole chapter just on features including comparison to ISA 2000 and another on comparing ISA 2004 to other enterprise firewalls such as CheckPoint, Cisco, and Netscreen to help you determine if ISA is right for you. The myth that a real firewall can not have a hard drive and only be configured by highly paid firewall consultants via the command line is debunked. Chapter 4 shows you how to configure and optimize your network for firewall protection. Gone is the LAT and now each network adapter can be configured separate from each other [including access rules between them] and allows the use of a DMZ. Proper dns configuration is frequently explained, including "split dns" as propers dns name resolution is crucial for a network to funtion and is often misunderstood. Chapter 5 goes into detail on the firewall clients - secure NAT, Firewall Client, and web proxy and how to determine which are best for you and how to implement and configure them in an automated fashion using Group Policy, DHCP, or DNS. Secure NAT is simply using the ISA server as the default gateway for the client which allows it to be used by any operating system. Web proxy and Firewall Client can be used to require user authentication in an access rule! Of course other chapters cover firewall rules [access rules], web and server publishing, installation, dns configuration including "split dns", configuring caching, VPN, using built in templates, how to implement ssl, backing up and restoring configuration, intrusion detection, running reports, configuring/viewing logs, IAS/radius integration, and more.

The chapter on VPN covers all the features including how to set up site to site VPN's using pptp, l2tp, or ipsec tunnel mode [for compatibility with third party devices]. ISA 2004 has the ability to create access rules to restrict what content the VPN users can access on the lan or internet and integrate with IAS/radius for user authentication. How to request and install certificates is shown for use with l2tp, ipsec, and web servers. The book is loaded with explicit step by step instructions such as for certificates so as not to leave the user scratching their head or trying to figure out exactly how to implement specific tasks. These step by step instructions will be of great help for the more novice ISA 2004 user. Publishing a web server and configuring it for ssl was covered in great detail for the various methods. Apparently this has been a problem point for ISA admins in the past [particualry proper certificate selection and installation] and the authors wanted to make sure users got it right.

Chapter 10 on stateful inspection and application layer filtering is of note. ISA 2004 has some very powerful abilities in this regard. They are not difficult for the most part to configure which the authors covered well but in addition they listed tables of specific recommendations of lists for particular HTTP security filters. For instance you can have an access rule and configure HTTP filtering for extensions to prevent users from downloading executeable content including .zip files. I tried to block .mp3 downloads via HTTP and it worked well for that also. Various methods were shown how to prevent users from using progamas like Kazaa and P2P applications with the various categories in HTTP filtering including headers and signatures. The same HTTP filtering can also be used when you publish a web server behind ISA 2004 for advanced protection from the internet. Numerous examples of using the built in netmon to capture network traffic to help show you how to spot entries to add to HTTP filters were given.

The logging and reports available with ISA 2004 give a great deal on information on what is going on with firewall access, intrusion detection, and user statistics. Chapter 12 shows you how to use the built in reports, create custom ones, and filter connected users and log views. It is easy to pull reports showing top websites visited, top web users, top protocols used, and top bandwidth users for instance. Most admins would find these reports very useful. It is easy to view currently connected users, including VPN, and what client they are using.

ISA 2004 is an impressive product that is relatively easy to use. Much more so than ISA 2000 in my opinion which helps lower it's TCO. Most users will be able to get up and running in no time at all and then be able to investigate the more advanced features which are numerous. Tom and Deb Shinder's book Configuring ISA Server 2004 will be of great help to anyone who wants to get the most out of ISA 2004 and explore all it's possibilities and implement them on their network for maximum network protection.

10 of 11 people found the following review helpful:

5.0 out of 5 stars None better; many try, July 8, 2005

By 

J. Harrison "JimmyJoeBob Alooba" (Redmond, WA) - See all my reviews
(REAL NAME)   

This review is from: Dr. Tom Shinder's Configuring ISA Server 2004 (Paperback)

Dr. Shinder's ISA 2004 book is quite literally *the bible* for ISA Server planning, installation, configuration, management and troubleshooting. Literally no where else is there the amount and variety of steps, tips, tricks and external references available to the reader.
The book begins with a tour of comparative data for nearly every other firewall / proxy on th market at press time - I triple-dog-dare any other book to attempt this; much less get it right.
In simple terms - get this book.

8 of 9 people found the following review helpful:

5.0 out of 5 stars DMZ, SIMPLICITY, BACK TO BACK, TRI-HOMED, July 8, 2005

By 

cismic "josephk" (Washington State) - See all my reviews

This review is from: Dr. Tom Shinder's Configuring ISA Server 2004 (Paperback)

I've have bought both ISA 2000 and ISA 2004 because I felt that Dr. Tom Shinder's books are a cut above the rest. I participate in ISA newsgroups, isaserver.org and isatools.org. While participating in those groups Thomas always gives advice freely in addition to the topics that the books have covered. Security, Firewalls and technology is dynamic in nature and the updates that Thomas provides for pre-review help keep me on my toes when it comes to ISA Server and firewall security in general. There are many possible types of configurations when utilizing ISA Server firewalls. ISA 2004 provides nice wizards to work with DMZ's, Perimeter, Internal and multiple subnets. But, I feel that you need to start with a fresh installation and not select a network type the first time through so you can see how all the network and access rules work together. Once you understand that use the wizards to your hearts content.

I prefer a back to back network with ISA boxes on both sides of the HONEYPOT DMZ, my internal ISA has 4 NICS. By using the books, visiting the news groups, and active participation with fellow ISA(ers), I've been very successful at working on my networks and clients networks.

Just because you think you know how to ride a bike doesn't mean you should not ask questions when starting down a new path. Or for safety's sake ware a helmet like the President. If you ask questions, buy the books and participate with ISA news groups setting up a tri-homed DMZ with public or private address is a breeze.

My advice is to start active participation with isaserver.org, isatools.org and join the lists.
If you don't have the book: BUY IT! Ok Thomas, (here's my free book plug to you!)

I have to say that my favorite chapter is 12 because I like to see the results of all my learned tweaks and settings! Monitoring, Logging and Reporting tools! Yeah baby!